diff options
| -rw-r--r-- | WifiStackPermissionConfig/Android.bp | 40 | ||||
| -rw-r--r-- | WifiStackPermissionConfig/AndroidManifest.xml | 41 | ||||
| -rw-r--r-- | WifiStackPermissionConfig/AndroidManifest_InProcess.xml | 41 |
3 files changed, 122 insertions, 0 deletions
diff --git a/WifiStackPermissionConfig/Android.bp b/WifiStackPermissionConfig/Android.bp new file mode 100644 index 000000000..766ce61e7 --- /dev/null +++ b/WifiStackPermissionConfig/Android.bp @@ -0,0 +1,40 @@ +// +// Copyright (C) 2019 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +java_defaults { + name: "WifiStackPermissionConfigDefaults", + sdk_version: "system_current", + min_sdk_version: "29", + privileged: true, +} + +// Stub APK to define permissions for WifiStack +android_app { + name: "WifiStackPermissionConfig", + defaults: ["WifiStackPermissionConfigDefaults"], + certificate: "networkstack", + manifest: "AndroidManifest.xml", +} + +// Alternative stub APK signed with platform certificate. To use with InProcessWifiStack. +// TODO (b/135753701): Test this path. +android_app { + name: "PlatformWifiStackPermissionConfig", + defaults: ["WifiStackPermissionConfigDefaults"], + certificate: "platform", + overrides: ["WifiStackPermissionConfig"], + manifest: "AndroidManifest_InProcess.xml", +} diff --git a/WifiStackPermissionConfig/AndroidManifest.xml b/WifiStackPermissionConfig/AndroidManifest.xml new file mode 100644 index 000000000..fb56eaef3 --- /dev/null +++ b/WifiStackPermissionConfig/AndroidManifest.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.server.wifistack.permissionconfig" + android:sharedUserId="android.uid.networkstack" + android:versionCode="210000000" + android:versionName="R-initial"> + <uses-sdk android:minSdkVersion="29" android:targetSdkVersion="29" /> + <!-- + This package only exists to define the below permissions, and enforce that they are only + granted to apps sharing the same signature. + Permissions defined here are intended to be used only by the WifiStack: both + WifiStack and this stub APK are to be signed with a dedicated certificate to ensure + that, with the below permissions being signature permissions. + + This APK *must* be installed, even if the WifiStack app is not installed, because otherwise, + any application will be able to define this permission and the system will give that application + full access to the network stack. + --> + <permission android:name="android.permission.MAINLINE_WIFI_STACK" + android:protectionLevel="signature"/> + + <application android:name="com.android.server.wifi.WifiStackPermissionConfig" + android:hasCode="false" /> +</manifest> diff --git a/WifiStackPermissionConfig/AndroidManifest_InProcess.xml b/WifiStackPermissionConfig/AndroidManifest_InProcess.xml new file mode 100644 index 000000000..87049a391 --- /dev/null +++ b/WifiStackPermissionConfig/AndroidManifest_InProcess.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.server.wifistack.inprocess.permissionconfig" + android:sharedUserId="android.uid.system" + android:versionCode="210000000" + android:versionName="R-initial"> + <uses-sdk android:minSdkVersion="29" android:targetSdkVersion="29" /> + <!-- + This package only exists to define the below permissions, and enforce that they are only + granted to apps sharing the same signature. + Permissions defined here are intended to be used only by the WifiStack: both + WifiStack and this stub APK are to be signed with a dedicated certificate to ensure + that, with the below permissions being signature permissions. + + This APK *must* be installed, even if the WifiStack app is not installed, because otherwise, + any application will be able to define this permission and the system will give that application + full access to the network stack. + --> + <permission android:name="android.permission.MAINLINE_WIFI_STACK" + android:protectionLevel="signature"/> + + <application android:name="com.android.server.wifi.WifiStackPermissionConfig" + android:hasCode="false" /> +</manifest> |